Legal
GDPR & Data Protection
BluePrintStudiol LLC is committed to processing personal data responsibly and in compliance with applicable data protection legislation. This page explains our approach to data protection under the EU General Data Protection Regulation (GDPR) and the Law of Ukraine "On Personal Data Protection" (the "Ukrainian DPA Law"). We serve clients from Ukraine and, where applicable, from the European Union and European Economic Area, and we apply GDPR-consistent standards to all personal data we handle.
1. Data controller
The data controller responsible for your personal data is:
BluePrintStudiol LLC
7 Instytutska St, Kyiv 01021, Ukraine
Email: privacy@blueprintstudiol.com.ua
Phone: +380 44 390 27 15
As a controller, we determine the purposes and means by which personal data is processed. We do not currently have a formal Data Protection Officer (DPO) under the GDPR, as this is not required given our scale. All data protection enquiries should be directed to the contact above.
2. Lawful bases for processing personal data
Under Article 6 of the GDPR, every processing activity must be based on at least one of the following lawful bases. BluePrintStudiol processes personal data on the following grounds:
2.1 Consent (Article 6(1)(a))
We rely on consent where you have given freely given, specific, informed and unambiguous permission for processing — for example, when you submit our contact form and tick the consent checkbox, or when you accept non-essential analytics cookies through our cookie banner. You have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. To withdraw consent, contact us at privacy@blueprintstudiol.com.ua.
2.2 Contractual necessity (Article 6(1)(b))
Where you have requested a proposal or entered into a contract for our architectural or engineering services, we process your personal data to the extent necessary to take pre-contractual steps at your request and to perform the contract.
2.3 Legitimate interests (Article 6(1)(f))
We rely on legitimate interests to process certain data for purposes such as operating and improving our website, maintaining records of professional communications, and protecting our systems against fraud and unauthorised access. We have conducted balancing tests to ensure these interests are not overridden by your fundamental rights and freedoms.
2.4 Legal obligation (Article 6(1)(c))
Where processing is necessary for compliance with a legal obligation under Ukrainian law — for example, record-keeping requirements under tax or professional regulation — we process data on this basis.
3. Your rights as a data subject
Under the GDPR and the Ukrainian DPA Law, individuals whose personal data we process have the following rights. To exercise any of these rights, please contact us at privacy@blueprintstudiol.com.ua. We will respond within 30 days of receiving your request.
3.1 Right of access (Article 15 GDPR)
You have the right to obtain confirmation of whether we are processing your personal data, and if so, to receive a copy of that data together with information about: the purposes of processing, the categories of data, any recipients, the retention period, and the existence of other data subject rights.
3.2 Right to rectification (Article 16 GDPR)
You have the right to request that we correct any inaccurate personal data we hold about you, and to have incomplete data completed, including by providing a supplementary statement.
3.3 Right to erasure — "right to be forgotten" (Article 17 GDPR)
You have the right to request the deletion of your personal data where: it is no longer necessary for the purpose for which it was collected; you have withdrawn consent and there is no other legal basis; you have objected and there are no overriding legitimate grounds; or the data has been unlawfully processed. This right is subject to limitations, including where retention is required by law.
3.4 Right to restriction of processing (Article 18 GDPR)
You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, where you contest the accuracy of the data, while we verify it; or where processing is unlawful but you prefer restriction to erasure.
3.5 Right to data portability (Article 20 GDPR)
Where processing is based on consent or on a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit that data to another controller. This right applies to data that you provided to us directly (such as the content of a contact form submission).
3.6 Right to object (Article 21 GDPR)
Where we process your data on the basis of legitimate interests, you have the right to object to that processing at any time on grounds relating to your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds that override your rights, or the processing is necessary for the establishment, exercise or defence of legal claims.
3.7 Right to withdraw consent
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. To withdraw consent, contact us at privacy@blueprintstudiol.com.ua.
3.8 Rights related to automated decision-making (Article 22 GDPR)
We do not make decisions about individuals based solely on automated processing that produce legal effects or similarly significant effects. If this changes, we will inform you and put appropriate safeguards in place.
4. How to exercise your rights
To exercise any of the rights above, please submit a written request to privacy@blueprintstudiol.com.ua or by post to 7 Instytutska St, Kyiv 01021, Ukraine. We may need to verify your identity before processing your request. We will respond within 30 calendar days. Where requests are complex or numerous, we may extend this period by a further two months, and will notify you accordingly.
We do not charge a fee for handling reasonable requests. Where requests are manifestly unfounded, repetitive or excessive, we may charge a reasonable administrative fee or refuse to act on the request.
5. International data transfers
Our primary operations are in Ukraine. When we use third-party service providers whose servers are located outside Ukraine, we take steps to ensure that personal data is protected to a standard equivalent to that required under the GDPR. For transfers to countries that the European Commission has not recognised as providing adequate protection, we rely on standard contractual clauses (SCCs) or other appropriate safeguards as required.
6. Data retention
We retain personal data only as long as necessary for the purposes set out in our Privacy Policy. Where personal data forms part of project documentation (architectural drawings, structural calculations, correspondence), it is retained for a minimum of ten years following project completion, in accordance with professional obligations under Ukrainian law.
7. Security measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encrypted data transmission (HTTPS), access controls, regular security reviews and staff awareness. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, and will inform affected individuals where required.
8. Supervisory authority
If you are located in Ukraine, you have the right to lodge a complaint with the Authorised State Body for Personal Data Protection (the Commissioner of the Verkhovna Rada of Ukraine for Human Rights), which serves as the data protection supervisory authority for Ukraine.
If you are located in an EU or EEA member state, you also have the right to lodge a complaint with the supervisory authority in your country of residence or in the country where the alleged breach occurred. A list of EU supervisory authorities is available at edpb.europa.eu.
We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority, and invite you to contact us first.
9. Updates to this page
We review and update this GDPR & Data Protection page when required by changes to applicable law or our processing activities. The current version is always available at this URL with the effective date shown above.
10. Contact
For all data protection matters, please contact us at:
BluePrintStudiol LLC
7 Instytutska St, Kyiv 01021, Ukraine
Email: privacy@blueprintstudiol.com.ua
Phone: +380 44 390 27 15